公告ID: KYLIN-2020-10753
安全等级: 中等
产品: Kylin V3
发布日期: 2020年6月25日
CVE: CVE-2020-10753
CVSS3评分: 5.4
概述:
* Red Hat Ceph Storage (RHCS) 3 and 4 are affected by this vulnerability. Note: although this issue affects the RadosGW S3 API, it does not affect the Swift API. * Red Hat Openshift Container Storage( RHOCS) 4.2 is affected by this flaw. However, because RHOCS 4.2 is now in the Maintenance Phase of support, this issue is not currently planned to be addressed in future updates. * Red Hat OpenStack Platform (RHOSP) 13 is not affected by this flaw because RHOSP 13 only ships the ceph client libraries and does not build server code. 描述:
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. 系统版本:
KYLIN 3.4.x
受影响包列表:
ceph